RE: JDBC Connection over VPN
Found a solution for this. Apparently Java 7 wraps IPV4 addresses as IPV6, which is not supported by Cisco Anyconnect. Turning off IPV6 on the Cisco VPN adapter (Control Panel\Network and Internet\Network Connections) fixed the problem.

-----Original Message-----
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
Sent: Monday, May 07, 2012 4:04 PM
To: Tomcat Users List
Subject: RE: JDBC Connection over VPN

Telnet seems to connect.

-----Original Message-----
From: Saurabh Makol [mailto:saurabh.ma...@gmail.com]
Sent: Monday, May 07, 2012 3:50 PM
To: Tomcat Users List
Subject: Re: JDBC Connection over VPN

Can you run telnet 1521 from command prompt when you VPN into your network?

On Mon, May 7, 2012 at 3:46 PM, Sanjeev Sharma <sanjeev.sha...@buchanan-edwards.com> wrote:

> Using port 1521 in both cases, but it only fails for JDBC.
>
> -----Original Message-----
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Sent: Monday, May 07, 2012 3:43 PM
> To: 'Tomcat Users List'
> Subject: RE: JDBC Connection over VPN
>
> Could the VPN connection be utilizing the same port Tomcat or Oracle
> usually does? Like something at 8080?
>
> Not sure if that's the case; or conversely, does going into VPN block
> those ports?
>
>
> -----Original Message-----
> From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
> Sent: Monday, May 07, 2012 2:36 PM
> To: Tomcat Users List
> Subject: JDBC Connection over VPN
>
> Hi,
>
> Not sure if this is a Tomcat issue. When I connect directly to a
> network and startup my tomcat 7, my JDBC connection to an Oracle 11g
> network works just fine, but if I tunnel into the same network, JDBC
> fails to connect to the database. At the same time I'm able to make a
> connection to the same database using SQL Developer/SQL Plus. My
> network people tell me that all ports are open to me and when they try
> to capture packets coming from me, they see nothing if I'm starting up
> my tomcat. I'm not a Network or VPN expert, but as far as I know, at
> the application level it should behave just as if I'm connected
> directly to the network and shouldn't have to worry about which
> network adapter to use (built in or VPN), and shouldn't have to worry
> about routing. I'm at a complete loss, so I'm just hoping there is a
> magical tomcat setting which will fix my problem. Any help would be
> appreciated.
>
> Thanks.
RE: JDBC Connection over VPN
Telnet seems to connect.

-----Original Message-----
From: Saurabh Makol [mailto:saurabh.ma...@gmail.com]
Sent: Monday, May 07, 2012 3:50 PM
To: Tomcat Users List
Subject: Re: JDBC Connection over VPN

Can you run telnet 1521 from command prompt when you VPN into your network?

On Mon, May 7, 2012 at 3:46 PM, Sanjeev Sharma <sanjeev.sha...@buchanan-edwards.com> wrote:

> Using port 1521 in both cases, but it only fails for JDBC.
>
> -----Original Message-----
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Sent: Monday, May 07, 2012 3:43 PM
> To: 'Tomcat Users List'
> Subject: RE: JDBC Connection over VPN
>
> Could the VPN connection be utilizing the same port Tomcat or Oracle
> usually does? Like something at 8080?
>
> Not sure if that's the case; or conversely, does going into VPN block
> those ports?
>
>
> -----Original Message-----
> From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
> Sent: Monday, May 07, 2012 2:36 PM
> To: Tomcat Users List
> Subject: JDBC Connection over VPN
>
> Hi,
>
> Not sure if this is a Tomcat issue. When I connect directly to a
> network and startup my tomcat 7, my JDBC connection to an Oracle 11g
> network works just fine, but if I tunnel into the same network, JDBC
> fails to connect to the database. At the same time I'm able to make a
> connection to the same database using SQL Developer/SQL Plus. My
> network people tell me that all ports are open to me and when they try
> to capture packets coming from me, they see nothing if I'm starting up
> my tomcat. I'm not a Network or VPN expert, but as far as I know, at
> the application level it should behave just as if I'm connected
> directly to the network and shouldn't have to worry about which
> network adapter to use (built in or VPN), and shouldn't have to worry
> about routing. I'm at a complete loss, so I'm just hoping there is a
> magical tomcat setting which will fix my problem. Any help would be
> appreciated.
>
> Thanks.
RE: JDBC Connection over VPN
Using port 1521 in both cases, but it only fails for JDBC.

-----Original Message-----
From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
Sent: Monday, May 07, 2012 3:43 PM
To: 'Tomcat Users List'
Subject: RE: JDBC Connection over VPN

Could the VPN connection be utilizing the same port Tomcat or Oracle usually does? Like something at 8080?

Not sure if that's the case; or conversely, does going into VPN block those ports?

-----Original Message-----
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
Sent: Monday, May 07, 2012 2:36 PM
To: Tomcat Users List
Subject: JDBC Connection over VPN

Hi,

Not sure if this is a Tomcat issue. When I connect directly to a network and startup my tomcat 7, my JDBC connection to an Oracle 11g network works just fine, but if I tunnel into the same network, JDBC fails to connect to the database. At the same time I'm able to make a connection to the same database using SQL Developer/SQL Plus. My network people tell me that all ports are open to me and when they try to capture packets coming from me, they see nothing if I'm starting up my tomcat. I'm not a Network or VPN expert, but as far as I know, at the application level it should behave just as if I'm connected directly to the network and shouldn't have to worry about which network adapter to use (built in or VPN), and shouldn't have to worry about routing. I'm at a complete loss, so I'm just hoping there is a magical tomcat setting which will fix my problem. Any help would be appreciated.

Thanks.
JDBC Connection over VPN
Hi,

Not sure if this is a Tomcat issue. When I connect directly to a network and startup my tomcat 7, my JDBC connection to an Oracle 11g network works just fine, but if I tunnel into the same network, JDBC fails to connect to the database. At the same time I'm able to make a connection to the same database using SQL Developer/SQL Plus. My network people tell me that all ports are open to me and when they try to capture packets coming from me, they see nothing if I'm starting up my tomcat. I'm not a Network or VPN expert, but as far as I know, at the application level it should behave just as if I'm connected directly to the network and shouldn't have to worry about which network adapter to use (built in or VPN), and shouldn't have to worry about routing. I'm at a complete loss, so I'm just hoping there is a magical tomcat setting which will fix my problem. Any help would be appreciated.

Thanks.
RE: Tomcat as Application Server
The term "Application Server" predates JEE and EJB. I would call Tomcat an App server since it "processes server-side business logic" (i.e. you don't need EJBs to process business logic and it's sometimes a bad idea anyway.)

Sanjeev

-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Friday, February 17, 2012 1:19 PM
To: Tomcat Users List
Subject: Re: Tomcat as Application Server

On 17/02/2012 16:43, Caldarale, Charles R wrote:
>> From: Anjib Mulepati [mailto:anji...@hotmail.com]
>> Subject: Re: Tomcat as Application Server
>
>> So can I say Tomcat is Web Server but doesn't not support as full
>> application Server?
>
> That rather depends on to whom you want to say it. Again, Tomcat is a
> servlet container (as defined in the Java EE specs), which is more than
> adequate to run many applications. Whether or not it's an appropriate server
> for the job you want to do depends on what exactly you want to do - which you
> haven't told us.
>
> (Why does this line of questioning sound suspiciously like a homework
> project?)

(Or trolling.)

Tomcat is not a full JEE server, as stated above.

The definition of 'Application Server' is not 'Full JEE Server' unless you drink Oracle juice for breakfast.

I have and do run applications on Tomcat, which is a server.

All of which amounts to a semantic "so what?".

p

> - Chuck
RE: controlling Server Authentication only vs Mutual authentication
That's what I thought. Thanks anyway. This is good information!

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, February 14, 2012 11:50 AM
To: Tomcat Users List
Subject: Re: controlling Server Authentication only vs Mutual authentication

Sanjeev,

On 2/13/12 11:01 PM, Sanjeev Sharma wrote:
> Thanks for your reply. If I set clientAuth="want" will it not ask
> me for a certificate every time I create a new session?

It will not ask for a certificate, but if you provide one, then it will be used.

> And if I'm forwarding (or redirecting) from a page that only
> requires straight SSL with server authentication to one which
> requires mutual authentication, will it force the browser to prompt
> for a client certificate?

This won't work with forwarding, because that's all done after the Connector has performed the SSL negotiation: if you want to change the SSL rules, you'll have to perform a redirect to a location that requires SSL. Or, I suppose, you could sniff the certificate at some point and perform a redirect if you needed the certificate.

Cert negotiation is done at the SSL level (before your code even knows there is a request) and I don't believe the webapp itself can tell Tomcat how to respond because it's too late.

If you redirect to a place that requires a client certificate, then the certificate will be requested. I'm fairly sure that means you'll have to use a different port number or IP address, since you can't have two different settings for "clientAuth" on a single connector: you'll need two (or more).

-chris
RE: controlling Server Authentication only vs Mutual authentication
Christopher/Pid,

Thanks for your reply. If I set clientAuth="want" will it not ask me for a certificate every time I create a new session? And if I'm forwarding (or redirecting) from a page that only requires straight SSL with server authentication to one which requires mutual authentication, will it force the browser to prompt for a client certificate?

Sanjeev.

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, February 13, 2012 4:23 PM
To: Tomcat Users List
Subject: Re: controlling Server Authentication only vs Mutual authentication

Pid,

On 2/13/12 3:39 PM, Pid wrote:
> On 13/02/2012 17:42, Christopher Schultz wrote:
>> Sanjeev,
>>
>> On 2/9/12 11:17 AM, Sanjeev Sharma wrote:
>>> I work on a Java web-app running on Tomcat 7. The entire
>>> application is required to be doing SSL on port 443 (everything is
>>> accessed via https://). Two different login options are given
>>> to the user : username/password or client certificate
>>> authentication. We employ application-managed security as
>>> opposed to container-managed (i.e. we don't use realms). I have
>>> the following connector in my server.xml:
>>
>>> maxThreads="150" scheme="https" secure="true"
>>> keystoreFile="d:\certs\server_cert.jks" keystorePass="changeit"
>>> truststoreFile="d:\certs\truststore.jks"
>>> truststorePass="changeit" clientAuth="true" sslProtocol="TLS"
>>> />
>>
>>
>>> This forces mutual authentication on anything I try to access
>>> using https. How can I configure tomcat so that only specific
>>> links (a specific struts action for example) would require
>>> mutual authentication or how can I exclude from the mutual
>>> authentication.
>>
>> I think what you want is clientAuth="want" and then you can
>> maybe write a Filter that requires certain SSL certificate
>> features in order to pass-through. Then, just map your Filter to
>> those areas that require (additional?) SSL authentication.
>
> Is this a variation on the SSLFormFallback thing again?

It's tough to tell. At any rate, here's the link for the OP:

http://wiki.apache.org/tomcat/SSLWithFORMFallback

-chris
RE: controlling Server Authentication only vs Mutual authentication
Found a solution to this. In case anyone is interested, I gave my server two IP addresses and used two connectors with the two IP addresses in the "address=" field of the connectors. I set one of them to clientAuth="true" and the other to clientAuth="false". I do have to do a "redirect" from one to the other when I would've preferred to "forward", but otherwise this solution works.

-----Original Message-----
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
Sent: Thursday, February 09, 2012 11:18 AM
To: Tomcat Users List
Subject: controlling Server Authentication only vs Mutual authentication

Hi,

I work on a Java web-app running on Tomcat 7. The entire application is required to be doing SSL on port 443 (everything is accessed via https://). Two different login options are given to the user : username/password or client certificate authentication. We employ application-managed security as opposed to container-managed (i.e. we don't use realms). I have the following connector in my server.xml :

This forces mutual authentication on anything I try to access using https. How can I configure tomcat so that only specific links (a specific struts action for example) would require mutual authentication or how can I exclude from the mutual authentication.

Thanks,
Sanjeev.
controlling Server Authentication only vs Mutual authentication
Hi,

I work on a Java web-app running on Tomcat 7. The entire application is required to be doing SSL on port 443 (everything is accessed via https://). Two different login options are given to the user : username/password or client certificate authentication. We employ application-managed security as opposed to container-managed (i.e. we don't use realms). I have the following connector in my server.xml :

This forces mutual authentication on anything I try to access using https. How can I configure tomcat so that only specific links (a specific struts action for example) would require mutual authentication or how can I exclude from the mutual authentication.

Thanks,
Sanjeev.
RE: Client Authentication--getting certificate information on the server side
Thanks so much. I was just dumping session in psi-probe. I didn't think to look in the request. I get exactly what I need when I use request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR).

Thanks again!

-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Monday, February 06, 2012 12:20 PM
To: Tomcat Users List
Subject: Re: Client Authentication--getting certificate information on the server side

On 06/02/2012 17:01, Sanjeev Sharma wrote:
> Hello,
>
> I'm trying to configure client authentication in Tomcat 7 on Windows 7. I
> have the following connector in the server.xml:
>
> protocol="HTTP/1.1"
> SSLEnabled="true"
> maxThreads="150"
> scheme="https"
> secure="true"
> keystoreFile="d:\certs\server_cert.jks"
> keystorePass="changeit"
> truststoreFile="d:\certs\truststore.jks"
> truststorePass="changeit"
> clientAuth="true"
> sslProtocol="TLS" />
>
> In my web.xml I have the following :
>
> CLIENT-CERT
> PKI Enabled App
>
> This forces client authentication when I try to access the app using a
> browser and when I provide a trusted certificate, I'm able to get authenticated.
> After the authentication I was expecting to get the client certificate
> information in the session, but I get nothing. How do I pass the Common Name
> from the subject line of the client certificate to the server during
> authentication so that I can access it from a struts action?
>
> Thanks in advance.

There are a number of variables (javax.servlet.request.ssl*) available in the *request* rather than the session. Which ones are you trying to access?

There's a list of various relevant things here:

http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/Globals.java

p
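Added example, not code from the thread or from the Tomcat project: a servlet Filter of the kind suggested in the "clientAuth" thread above, which also reads the certificate from the request attribute discussed in this thread and extracts the subject Common Name. It assumes the javax.servlet API used by Tomcat 7; the class name `ClientCertFilter` and the attribute name `clientCertCN` are hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it only to the URLs that need certificate login.
public class ClientCertFilter implements Filter {
    // Servlet-spec attribute name; same value as Tomcat's Globals.CERTIFICATES_ATTR.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical attribute under which the CN is handed to the action.
    static final String CN_ATTR = "clientCertCN";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Set per request by the connector; it is never stored in the session.
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        // Index 0 is the client's own certificate; the rest is its issuer chain.
        String cn = (certs == null || certs.length == 0) ? null : commonName(certs[0]);
        if (cn == null) {
            // No certificate was presented, or its subject has no CN: refuse.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        request.setAttribute(CN_ATTR, cn);
        chain.doFilter(req, res);
    }

    // Parses the RFC 2253 subject DN rather than splitting on commas, so an
    // escaped comma inside a value cannot shift or truncate the CN.
    static String commonName(X509Certificate cert) {
        try {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: treat it as no usable identity.
        }
        return null;
    }
}
```

Which certificates are accepted is still decided by the connector's truststore during the TLS handshake; the filter only enforces that one was presented on the mapped URLs and passes the CN on to the action.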
Client Authentication--getting certificate information on the server side
Hello,

I'm trying to configure client authentication in Tomcat 7 on Windows 7. I have the following connector in the server.xml:

In my web.xml I have the following :

CLIENT-CERT
PKI Enabled App

This forces client authentication when I try to access the app using a browser and when I provide a trusted certificate, I'm able to get authenticated. After the authentication I was expecting to get the client certificate information in the session, but I get nothing. How do I pass the Common Name from the subject line of the client certificate to the server during authentication so that I can access it from a struts action?

Thanks in advance.
archived mailing list activity
Does anyone know if the messages on this mailing list are archived anywhere? I sent a question to the mailing list last night, but was not able to sign up for the mailing list from my Yahoo email account. I am signed up using my work email address, but don't know if anyone answered my question. I would rather not annoy people by re-posting my question. Thanks.